Comment # 8 on bug 1209741 from
(In reply to Fabian Vogt from comment #4)
> Can pam_systemd somehow forward the session keyring to the systemd user
> instance it starts? If not, the only option I see is to have separate
> session keyrings for systemd user services and other parts of the session.

I understand the intent is to use KEY_SPEC_SESSION_KEYRING (not
KEY_SPEC_USER_SESSION_KEYRING nor KEY_SPEC_USER_KEYRING). As you wrote, this is
shared via forking ancestry. A process calling into pam_systemd and the systemd
user instance are not generally comparable in this relation, so a "horizontal"
passing would be needed. I can see there is only KEYCTL_SESSION_TO_PARENT,
which could partly overcome this but it wouldn't work for already forked
processes.

Another idea (besides Lennart's KEY_SPEC_USER_KEYRING but not very sane) would
be to start the desktop environment as a systemd user instance service (i.e. DE
comparable in ancestry relation with systemd user instance). (While the display
manager would start a particular user instance target to bring all up. I never
saw that except for this related Arch Linux attempt [1].)

[1]
https://wiki.archlinux.org/title/Systemd/User#Xorg_as_a_systemd_user_service
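
The ancestry-only sharing of KEY_SPEC_SESSION_KEYRING discussed in the comment above, as an added C example that is not part of the bug comment or of systemd. It assumes a Linux system where the keyctl(2) syscall is permitted (some container seccomp profiles block it); the helper and function names are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/keyctl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Raw keyctl(2) wrapper, so libkeyutils is not needed. */
static long kc(int op, long a, long b) { return syscall(SYS_keyctl, op, a, b, 0L, 0L); }
static long session_id(void) { return kc(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 0); }
static long join_new(void) { return kc(KEYCTL_JOIN_SESSION_KEYRING, 0, 0); } /* anonymous */

/* Run fn in a forked child; return the value it reports, or -1 on failure. */
static long in_child(long (*fn)(void)) {
    int p[2];
    long v = -1;
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        v = fn();
        _exit(write(p[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(p[1]);
    if (read(p[0], &v, sizeof v) != (ssize_t)sizeof v) v = -1;
    close(p[0]);
    waitpid(pid, NULL, 0);
    return v;
}

/* 1: keyring follows fork ancestry only; 0: it does not; -1: keyctl unusable. */
static long check(void) {
    long mine = join_new();                /* fresh session keyring for this process */
    if (mine < 0) return -1;
    long inherited = in_child(session_id); /* descendant: sees the same keyring */
    long replaced = in_child(join_new);    /* descendant joins its own keyring */
    long after = session_id();             /* ours must be unaffected by that */
    if (inherited < 0 || replaced < 0 || after < 0) return -1;
    return inherited == mine && replaced != mine && after == mine;
}

/* Runs the check in a child so the caller's own session keyring is untouched. */
int session_keyring_follows_ancestry(void) { return (int)in_child(check); }

int main(void) {
    printf("session keyring follows fork ancestry: %d\n", session_keyring_follows_ancestry());
    return 0;
}
```

A process that is not a descendant of the one holding the keyring, such as the systemd user instance relative to the process calling into pam_systemd, is in the position of the parent here: a keyring joined elsewhere never becomes its session keyring.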
